1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
9 blockDefault="substitution"
12 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
13 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
17 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
18 First appeared in the Shibboleth 1.2 release.
<!-- Generic plug-in descriptor reused throughout this schema (CredentialsProvider,
     Listener, SessionCache, the *Provider elements, ExtensionService, ...).
     The required "type" attribute selects the implementation; "uri" is an optional
     anyURI. Child elements and additional attributes may come from any namespace and
     are only checked when a declaration happens to be available (processContents="lax"),
     so plug-in specific settings are not constrained by this schema. -->
22 <complexType name="PluggableType">
24 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
26 <attribute name="type" type="string" use="required"/>
27 <attribute name="uri" type="anyURI" use="optional"/>
28 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Two interchangeable names for the document root; both are declared with
     SPConfigType, so a configuration may start with either element. -->
31 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
32 <element name="SPConfig" type="conf:SPConfigType"/>
<!-- Content model of the root element (the compositor and closing lines are not
     shown in this rendering). Child order as declared: optional Extensions, then
     an optional global section, an optional local section, the mandatory
     Applications element, and any number of CredentialsProvider / AttributeFactory
     entries. -->
33 <complexType name="SPConfigType">
35 <documentation>Root element of configuration file</documentation>
38 <element ref="conf:Extensions" minOccurs="0"/>
<!-- "Global" and "SHAR" share one type; presumably SHAR is the older name (confirm). -->
39 <choice minOccurs="0">
40 <element name="Global" type="conf:GlobalConfigurationType"/>
41 <element name="SHAR" type="conf:GlobalConfigurationType"/>
<!-- Likewise "Local" and "SHIRE" share LocalConfigurationType. -->
43 <choice minOccurs="0">
44 <element name="Local" type="conf:LocalConfigurationType"/>
45 <element name="SHIRE" type="conf:LocalConfigurationType"/>
<!-- No minOccurs, so XML Schema's default of 1 applies: Applications is required. -->
47 <element ref="conf:Applications"/>
48 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
49 <element ref="conf:AttributeFactory" minOccurs="0" maxOccurs="unbounded"/>
<!-- logger is a URI (presumably a logging configuration location; confirm);
     clockSkew is an unsigned integer with no schema default (units not stated here). -->
51 <attribute name="logger" type="anyURI" use="optional"/>
52 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
<!-- Only attributes from foreign namespaces are admitted by the wildcard. -->
53 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Extension libraries to load plus arbitrary foreign-namespace configuration.
     Because each Library is selected by a path in this file, whoever can edit the
     configuration controls what code is loaded; keep the file's permissions tight. -->
56 <element name="Extensions">
58 <documentation>Container for extension libraries and custom configuration</documentation>
62 <element name="Library" minOccurs="0" maxOccurs="unbounded">
65 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- "path" is required; "fatal" is an optional boolean with no schema default
     (presumably whether a load failure aborts startup; confirm with the implementation). -->
67 <attribute name="path" type="anyURI" use="required"/>
68 <attribute name="fatal" type="boolean" use="optional"/>
69 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Any foreign-namespace elements may follow the Library entries. -->
72 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- Server-independent settings: a listener, a session cache, an optional replay
     cache, then foreign-namespace extension elements. The compositor lines between
     the groups are not shown in this rendering; from the surrounding declarations the
     listener and session-cache groups appear to be choices (confirm against the file). -->
77 <complexType name="GlobalConfigurationType">
79 <documentation>Container for global (server independent) configuration</documentation>
82 <element ref="conf:Extensions" minOccurs="0"/>
<!-- Listener variants. UnixListener takes only an address string. -->
84 <element name="UnixListener">
86 <attribute name="address" type="string" use="required"/>
<!-- TCPListener is reachable over the network; its "acl" is a whitespace-separated
     list of strings and the schema default admits only the loopback address. -->
89 <element name="TCPListener">
91 <attribute name="address" type="string" use="required"/>
92 <attribute name="port" type="unsignedInt" use="required"/>
93 <attribute name="acl" use="optional" default="127.0.0.1">
95 <list itemType="string"/>
<!-- Pluggable listener variants; their settings are not validated here (see PluggableType). -->
100 <element name="MemoryListener" type="conf:PluggableType"/>
101 <element name="Listener" type="conf:PluggableType"/>
<!-- Session cache variants; all share the SessionCacheProperties attribute group. -->
104 <element name="MemorySessionCache">
106 <attributeGroup ref="conf:SessionCacheProperties"/>
107 <anyAttribute namespace="##other" processContents="lax"/>
<!-- MySQL-backed cache: zero or more Argument strings (presumably passed to the
     client library; confirm), a mysqlTimeout defaulting to 14400 (units not stated
     here), and storeAttributes defaulting to false. -->
110 <element name="MySQLSessionCache">
113 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
115 <attributeGroup ref="conf:SessionCacheProperties"/>
116 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
117 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
118 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Generic cache: PluggableType extended with the shared cache properties. -->
121 <element name="SessionCache">
124 <extension base="conf:PluggableType">
125 <attributeGroup ref="conf:SessionCacheProperties"/>
<!-- Optional replay cache. The schema does not require one; whether replay
     detection happens without it depends on the implementation (see also the
     checkReplay attribute on Sessions). -->
131 <choice minOccurs="0">
132 <element name="MySQLReplayCache">
135 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
137 <anyAttribute namespace="##other" processContents="lax"/>
140 <element name="ReplayCache" type="conf:PluggableType"/>
142 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
144 <attribute name="logger" type="anyURI" use="optional"/>
145 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Attributes shared by every session cache variant. All are optional and carry
     schema defaults; the integer values are presumably seconds (not stated in the
     schema; confirm with the implementation). -->
148 <attributeGroup name="SessionCacheProperties">
149 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
150 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
151 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
152 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
153 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
154 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
<!-- strictValidity defaults to on; propagateErrors defaults to off. -->
155 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
156 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
<!-- Settings for the locally integrated side (web server filters). Children:
     optional Extensions, an optional pluggable RequestMapProvider, an optional
     Implementation holder, then foreign-namespace elements. -->
159 <complexType name="LocalConfigurationType">
162 Container for configuration of locally integrated or platform-specific
163 features (e.g. web server filters)
167 <element ref="conf:Extensions" minOccurs="0"/>
168 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
<!-- Implementation holds one or more (minOccurs defaults to 1) ISAPI blocks or
     foreign-namespace elements. -->
169 <element name="Implementation" minOccurs="0">
171 <choice maxOccurs="unbounded">
172 <element ref="conf:ISAPI"/>
173 <any namespace="##other" processContents="lax"/>
177 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
179 <attribute name="logger" type="anyURI" use="optional"/>
180 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
<!-- unsetHeaderValue: a string (presumably what cleared request headers are set to;
     confirm). checkSpoofing and catchAll are booleans with NO schema default, so the
     effective behaviour when they are omitted is decided by the implementation, not
     here; deployers who rely on header-spoofing checks should set checkSpoofing explicitly. -->
181 <attribute name="unsetHeaderValue" type="string" use="optional"/>
182 <attribute name="checkSpoofing" type="boolean" use="optional"/>
183 <attribute name="catchAll" type="boolean" use="optional"/>
184 <anyAttribute namespace="##other" processContents="lax"/>
<!-- IIS/ISAPI integration: one or more Site entries (maxOccurs unbounded, minOccurs
     defaults to 1), then foreign-namespace elements. -->
187 <element name="ISAPI">
190 <element name="Site" maxOccurs="unbounded">
<!-- Each Site may list alternate host names as Alias children. -->
193 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
195 <attribute name="id" type="unsignedInt" use="required"/>
196 <attribute name="name" type="string" use="required"/>
<!-- port/sslport/scheme are optional and have no schema defaults. -->
197 <attribute name="port" type="unsignedInt" use="optional"/>
198 <attribute name="sslport" type="unsignedInt" use="optional"/>
199 <attribute name="scheme" type="string" use="optional"/>
202 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- normalizeRequest: optional boolean, no schema default. -->
204 <attribute name="normalizeRequest" type="boolean" use="optional"/>
205 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Placeholders typed anyType: their content is not constrained by this schema. -->
208 <element name="NSAPI" type="anyType"/>
209 <element name="Java" type="anyType"/>
<!-- Root of the built-in access-policy expression; UniOperatorType means exactly
     one operator or Rule child (see UniOperatorType below). -->
211 <element name="AccessControl" type="conf:UniOperatorType">
214 A simple example access policy language extension that supersedes Apache .htaccess
<!-- Boolean operators of the access-policy language. OR and AND take two or more
     operands (MultiOperatorType); NOT takes exactly one (UniOperatorType). -->
218 <element name="OR" type="conf:MultiOperatorType"/>
219 <element name="AND" type="conf:MultiOperatorType"/>
220 <element name="NOT" type="conf:UniOperatorType"/>
<!-- Exactly one operand: an AND, OR, NOT or Rule element (the compositor line is not
     shown in this rendering; the parallel MultiOperatorType uses a choice). -->
221 <complexType name="UniOperatorType">
223 <element ref="conf:AND"/>
224 <element ref="conf:OR"/>
225 <element ref="conf:NOT"/>
226 <element ref="conf:Rule"/>
<!-- Two or more operands (minOccurs="2"), each an AND, OR, NOT or Rule. -->
229 <complexType name="MultiOperatorType">
230 <choice minOccurs="2" maxOccurs="unbounded">
231 <element ref="conf:AND"/>
232 <element ref="conf:OR"/>
233 <element ref="conf:NOT"/>
234 <element ref="conf:Rule"/>
<!-- Leaf of the access policy: text content is a whitespace-separated list of
     strings (listOfStrings) and the required "require" attribute names what is
     being matched (presumably an attribute name, by analogy with .htaccess; confirm). -->
237 <element name="Rule">
240 <extension base="conf:listOfStrings">
241 <attribute name="require" type="string" use="required"/>
<!-- Whitespace-separated list of xs:string items; used as the content of Rule. -->
246 <simpleType name="listOfStrings">
247 <list itemType="string"/>
<!-- Per-resource settings attached to RequestMap, Host, HostRegex, Path and
     PathRegex. None has a schema default: an omitted requireSession is therefore
     resolved by the implementation (and, presumably, inherited from the enclosing
     element; confirm). -->
250 <attributeGroup name="ContentSettings">
251 <attribute name="authType" type="string" use="optional"/>
252 <attribute name="requireSession" type="boolean" use="optional"/>
253 <attribute name="requireSessionWith" type="string" use="optional"/>
<!-- exportAssertion: boolean; presumably exposes the SAML assertion to the
     application when true (confirm). redirectToSSL: unsigned integer, presumably
     the HTTPS port to redirect to (confirm). -->
254 <attribute name="exportAssertion" type="boolean" use="optional"/>
255 <attribute name="redirectToSSL" type="unsignedInt" use="optional"/>
256 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Alternatives to the built-in AccessControl element: a generic plug-in, or the
     htaccess plug-in. Both are PluggableType, so their settings are not validated here. -->
258 <element name="AccessControlProvider" type="conf:PluggableType"/>
259 <element name="htaccess" type="conf:PluggableType"/>
<!-- Top of the built-in request map: an optional access-control choice, then any
     number of Host / HostRegex entries. Its applicationId is fixed to "default";
     the ContentSettings declared here act as the outermost defaults. -->
261 <element name="RequestMap">
264 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
269 <choice minOccurs="0">
270 <element ref="conf:htaccess"/>
271 <element ref="conf:AccessControl"/>
272 <element ref="conf:AccessControlProvider"/>
274 <choice minOccurs="0" maxOccurs="unbounded">
275 <element ref="conf:Host"/>
276 <element ref="conf:HostRegex"/>
279 <attribute name="applicationId" type="string" fixed="default"/>
280 <attributeGroup ref="conf:ContentSettings"/>
<!-- Request-map entry matched by literal host name ("name", required). Holds an
     optional access-control choice and any number of Path / PathRegex children. -->
284 <element name="Host">
287 <choice minOccurs="0">
288 <element ref="conf:htaccess"/>
289 <element ref="conf:AccessControl"/>
290 <element ref="conf:AccessControlProvider"/>
292 <choice minOccurs="0" maxOccurs="unbounded">
293 <element ref="conf:Path"/>
294 <element ref="conf:PathRegex"/>
<!-- scheme is restricted to the five enumerated values below; no schema default. -->
297 <attribute name="scheme" use="optional">
299 <restriction base="string">
300 <enumeration value="http"/>
301 <enumeration value="https"/>
302 <enumeration value="ftp"/>
303 <enumeration value="ldap"/>
304 <enumeration value="ldaps"/>
308 <attribute name="name" type="string" use="required"/>
309 <attribute name="port" type="unsignedInt" use="optional"/>
<!-- applicationId is free-form here, unlike the fixed "default" on RequestMap. -->
310 <attribute name="applicationId" type="string" use="optional"/>
311 <attributeGroup ref="conf:ContentSettings"/>
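<element name="HostRegex">
    <annotation>
        <documentation>
            Request-map entry selected by a regular expression ("regex") instead of a
            literal host name. Like Host it may carry an access-control choice and
            Path / PathRegex children.
        </documentation>
    </annotation>
    <complexType>
        <sequence>
            <choice minOccurs="0">
                <element ref="conf:htaccess"/>
                <element ref="conf:AccessControl"/>
                <element ref="conf:AccessControlProvider"/>
            </choice>
            <choice minOccurs="0" maxOccurs="unbounded">
                <element ref="conf:Path"/>
                <element ref="conf:PathRegex"/>
            </choice>
        </sequence>
        <!-- FIX: these two attributes were typed "conf:string". The conf prefix is bound
             to the target namespace, which declares no "string" type in the visible
             schema, so a validating parser could not resolve it. The built-in XML Schema
             type is the unprefixed "string" (this document's default namespace), which
             is what every other string attribute in the file uses. -->
        <attribute name="regex" type="string" use="required"/>
        <!-- Schema default: matching is case-insensitive unless ignoreCase="false". -->
        <attribute name="ignoreCase" type="boolean" default="true"/>
        <attribute name="applicationId" type="string"/>
        <attributeGroup ref="conf:ContentSettings"/>
    </complexType>
</element>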
<!-- Request-map entry matched by literal path segment ("name", required). Paths
     nest: a Path may contain further Path / PathRegex children. -->
335 <element name="Path">
338 <choice minOccurs="0">
339 <element ref="conf:htaccess"/>
340 <element ref="conf:AccessControl"/>
341 <element ref="conf:AccessControlProvider"/>
343 <choice minOccurs="0" maxOccurs="unbounded">
344 <element ref="conf:Path"/>
345 <element ref="conf:PathRegex"/>
348 <attribute name="name" type="string" use="required"/>
349 <attribute name="applicationId" type="string" use="optional"/>
350 <attributeGroup ref="conf:ContentSettings"/>
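<element name="PathRegex">
    <annotation>
        <documentation>
            Request-map entry selected by a regular expression ("regex") against the
            path. Unlike Path, it declares no nested Path / PathRegex children; only
            the optional access-control choice is allowed.
        </documentation>
    </annotation>
    <complexType>
        <sequence>
            <choice minOccurs="0">
                <element ref="conf:htaccess"/>
                <element ref="conf:AccessControl"/>
                <element ref="conf:AccessControlProvider"/>
            </choice>
        </sequence>
        <!-- FIX: these two attributes were typed "conf:string". The conf prefix is bound
             to the target namespace, which declares no "string" type in the visible
             schema, so a validating parser could not resolve it. The built-in XML Schema
             type is the unprefixed "string" (this document's default namespace), which
             is what every other string attribute in the file uses. -->
        <attribute name="regex" type="string" use="required"/>
        <!-- Schema default: matching is case-insensitive unless ignoreCase="false". -->
        <attribute name="ignoreCase" type="boolean" default="true"/>
        <attribute name="applicationId" type="string"/>
        <attributeGroup ref="conf:ContentSettings"/>
    </complexType>
</element>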
<!-- Default application settings plus per-application overrides. Sessions and
     Errors are required here (they are optional on Application, which overrides
     them); CredentialUse is optional. The providers in the repeating choice are all
     PluggableType, so their settings are not validated by this schema. -->
370 <element name="Applications">
372 <documentation>Container for global target settings and application-specific overrides</documentation>
376 <element ref="conf:Sessions"/>
377 <element ref="conf:Errors"/>
378 <element ref="conf:CredentialUse" minOccurs="0"/>
379 <choice minOccurs="0" maxOccurs="unbounded">
380 <element ref="saml:AttributeDesignator"/>
381 <element ref="saml:Audience"/>
382 <element name="AAPProvider" type="conf:PluggableType"/>
383 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
384 <element name="MetadataProvider" type="conf:PluggableType"/>
385 <element name="TrustProvider" type="conf:PluggableType"/>
387 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
<!-- The default application's id is fixed to "default"; providerId (the SP's own
     entity identifier, presumably; confirm) is the one required attribute. -->
389 <attribute name="id" type="string" fixed="default"/>
390 <attribute name="providerId" type="anyURI" use="required"/>
391 <attribute name="homeURL" type="anyURI" use="optional"/>
392 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Per-application override of the Applications defaults. Same children as
     Applications, but Sessions and Errors are optional and "id" is a required,
     free-form string rather than the fixed "default". -->
396 <element name="Application">
398 <documentation>Container for application-specific overrides</documentation>
402 <element ref="conf:Sessions" minOccurs="0"/>
403 <element ref="conf:Errors" minOccurs="0"/>
404 <element ref="conf:CredentialUse" minOccurs="0"/>
405 <choice minOccurs="0" maxOccurs="unbounded">
406 <element ref="saml:AttributeDesignator"/>
407 <element ref="saml:Audience"/>
408 <element name="AAPProvider" type="conf:PluggableType"/>
409 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
410 <element name="MetadataProvider" type="conf:PluggableType"/>
411 <element name="TrustProvider" type="conf:PluggableType"/>
414 <attribute name="id" type="string" use="required"/>
<!-- providerId is optional here; when omitted the value from Applications
     presumably applies (confirm with the implementation). -->
415 <attribute name="providerId" type="anyURI" use="optional"/>
416 <attribute name="homeURL" type="anyURI" use="optional"/>
417 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Pluggable resolver from ds:KeyInfo to public keys, used inside TrustProvider
     (per the documentation below). PluggableType: settings are not validated here. -->
421 <element name="KeyInfoResolver" type="conf:PluggableType">
424 Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
425 TrustProvider elements.
<!-- Session establishment endpoints and session policy. The repeating choice admits
     SessionInitiator, SAML 2 metadata AssertionConsumerService / SingleLogoutService
     endpoints, DiagnosticService and pluggable ExtensionService entries. -->
430 <element name="Sessions">
432 <documentation>Container for specifying app session establishment and policy</documentation>
435 <choice minOccurs="0" maxOccurs="unbounded">
436 <element ref="conf:SessionInitiator"/>
437 <element ref="md:AssertionConsumerService"/>
438 <element ref="md:SingleLogoutService"/>
439 <element ref="conf:DiagnosticService"/>
440 <element name="ExtensionService" type="conf:PluggableType"/>
442 <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
443 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
444 <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
<!-- handlerSSL defaults to true, i.e. the handler URL is expected over TLS unless
     explicitly turned off. -->
445 <attribute name="handlerURL" type="anyURI" use="optional"/>
446 <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
<!-- cookieProps is a free string (presumably extra cookie attributes such as
     Secure or HttpOnly; confirm): the schema does not enforce any cookie flags. -->
447 <attribute name="cookieName" type="string" use="optional"/>
448 <attribute name="cookieProps" type="string" use="optional"/>
449 <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
450 <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
<!-- lifetime / timeout: unsigned integers, no schema default, units not stated here. -->
451 <attribute name="lifetime" type="unsignedInt" use="optional"/>
452 <attribute name="timeout" type="unsignedInt" use="optional"/>
<!-- Session binding policy: checkAddress has NO schema default (implementation
     decides when omitted), while consistentAddress and checkReplay default to true.
     Setting checkReplay="false" disables the schema-level default of replay detection. -->
453 <attribute name="checkAddress" type="boolean" use="optional"/>
454 <attribute name="consistentAddress" type="boolean" use="optional" default="true"/>
455 <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
456 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Endpoint that starts a session via a WAYF / discovery service. Location and
     Binding are required URIs; the remaining attributes are optional with no
     schema defaults. Children and extra attributes from any namespace are admitted. -->
459 <element name="SessionInitiator">
461 <documentation>Used to specify WAYF/Discovery services (external or internal)</documentation>
465 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
467 <attribute name="Location" type="anyURI" use="required"/>
468 <attribute name="Binding" type="anyURI" use="required"/>
469 <attribute name="wayfURL" type="anyURI" use="optional"/>
470 <attribute name="wayfBinding" type="anyURI" use="optional"/>
<!-- checkCDC is typed anyURI (presumably the common-domain-cookie location; confirm). -->
471 <attribute name="checkCDC" type="anyURI" use="optional"/>
472 <attribute name="isDefault" type="boolean" use="optional"/>
473 <attribute name="id" type="string" use="optional"/>
474 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Internal diagnostic endpoint. The echo / log / config booleans presumably enable
     the corresponding diagnostic output (confirm). Unlike TCPListener, the "acl"
     list has NO schema default, so a deployment that enables these capabilities
     should set acl explicitly rather than rely on the schema to restrict callers. -->
477 <element name="DiagnosticService">
479 <documentation>Used to specify internal diagnostic capabilities</documentation>
483 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
485 <attribute name="Location" type="anyURI" use="required"/>
486 <attribute name="Binding" type="anyURI" use="required"/>
487 <attribute name="echo" type="boolean" use="optional"/>
488 <attribute name="log" type="boolean" use="optional"/>
489 <attribute name="config" type="boolean" use="optional"/>
490 <attribute name="acl" use="optional">
492 <list itemType="string"/>
495 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Error template locations (URIs) and presentation details. Only "rm" is
     required; "shire" is deprecated. Children and attributes from any namespace
     are admitted. -->
499 <element name="Errors">
501 <documentation>Container for error templates and associated details</documentation>
505 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
507 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
508 <attribute name="session" type="anyURI" use="optional"/>
509 <attribute name="metadata" type="anyURI" use="optional"/>
510 <attribute name="rm" type="anyURI" use="required"/>
511 <attribute name="access" type="anyURI" use="optional"/>
512 <attribute name="ssl" type="anyURI" use="optional"/>
513 <attribute name="supportContact" type="string" use="optional"/>
514 <attribute name="logoLocation" type="anyURI" use="optional"/>
515 <attribute name="styleSheet" type="anyURI" use="optional"/>
516 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Attributes selecting which credentials to use and what signing is required.
     TLS and Signing are free strings (presumably names of credentials supplied by a
     CredentialsProvider; confirm). -->
520 <attributeGroup name="CredentialUseGroup">
521 <attribute name="TLS" type="string" use="optional"/>
522 <attribute name="Signing" type="string" use="optional"/>
<!-- All three signing switches default to false in the schema: requests are not
     signed and neither signed responses nor signed assertions are required unless
     a deployment sets these to true. -->
523 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
524 <attribute name="signatureAlg" type="anyURI" use="optional"/>
525 <attribute name="digestAlg" type="anyURI" use="optional"/>
526 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
527 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
<!-- HTTP authentication for back-channel requests. authType is restricted to the
     enumerated schemes below; authUsername / authPassword declare no type, so any
     simple value is accepted. authPassword appears to hold a cleartext credential
     inside this configuration file; restrict read access to the file accordingly. -->
528 <attribute name="authType" use="optional">
530 <restriction base="string">
531 <enumeration value="basic"/>
532 <enumeration value="digest"/>
533 <enumeration value="ntlm"/>
534 <enumeration value="gss"/>
538 <attribute name="authUsername" use="optional"/>
539 <attribute name="authPassword" use="optional"/>
<!-- Default credential-use settings (attributes on this element) plus per-relying-
     party overrides: each RelyingParty carries the same CredentialUseGroup keyed by
     its required "Name". Foreign-namespace children and attributes are admitted. -->
542 <element name="CredentialUse">
544 <documentation>Container for specifying credentials to use</documentation>
548 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
551 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
553 <attribute name="Name" type="string" use="required"/>
554 <attributeGroup ref="conf:CredentialUseGroup"/>
555 <anyAttribute namespace="##other" processContents="lax"/>
558 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
560 <attributeGroup ref="conf:CredentialUseGroup"/>
561 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Registers a plug-in implementing a specialised SAML attribute: "type" selects
     the implementation and "AttributeName" the attribute it handles; both required.
     Children from any namespace and foreign-namespace attributes are admitted. -->
565 <element name="AttributeFactory">
567 <documentation>Specifies a plugin that implements a specialized SAML attribute</documentation>
571 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
573 <attribute name="type" type="string" use="required"/>
574 <attribute name="AttributeName" type="string" use="required"/>
575 <anyAttribute namespace="##other" processContents="lax"/>